CVE-2021-29443
CVE-2021-29443 affects the jose npm library. Vulnerable versions of the library perform HMAC tag verification after attempting CBC decryption, creating a possible padding oracle through observable timing differences during decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS5...